Hi,
I'd like to make a suggestion that passwords not be logged in clear text. For example: Thu Mar 27 2008 00:06:08,762 EDT INFO org.apache.ftpserver.listener.mina.MinaFtpProtocolHandler - [/10.6.20.226:63995] RECEIVED: PASS admin We find the protocol logging to be useful, but logging of passwords will make security folks unhappy. Perhaps, it could just log ******* or somesuch? If this is non-controversial I'll be happy to file a bug. (FYI, we're working on the 1.4 branch while the trunk is under construction) Thanks, -Dan
